Check Point: No security threat

The firewall software vendor posts a statement on its Web site to reassure customers and partners about the safety of its flagship FireWall-1 software.

December 16, 199712:10 PM PST

Firewall software vendor Check
Point (CHKPF) today posted a statement
on its Web site to reassure customers and partners about the safety of its
flagship FireWall-1 software.

The issue arose after a Canadian security software firm, Secure Network Incorporated (SNI), last
week distributed an advisory suggesting that default settings in FireWall-1
allow outsiders to obtain information about the firewall and the network
it protects. SNI suggested that hackers potentially could use that
information to break into a system.

Today Check Point denied SNI's claim, reported by NEWS.COM in a story on Friday.
The firewall vendor insists information obtained in a Simple Network
Management Protocol (SNMP) request does not enable a security breach of
FireWall-1.

"SNMP doesn't create a security threat to FireWall-1," Check Point chief
executive Deborah Triant said in a statement. "No information available via
SNMP will enable a hacker to break through a properly configured FireWall-1
system."

However, SNI yesterday rejected Check Point's request that it withdraw the
security advisory about FireWall-1, posted December 9 both to an Internet
mailing list and on SNI's Web
site.

In an interview, Check Point's Triant minimized any danger: "This
information can't be used to break in. It can be used to help identify
weaknesses, but those are trivial compared to information from other
sources."

Several weeks ago, Check Point changed the default settings on FireWall-1
to block SNMP access except for authorized internal users--one of the
weaknesses cited in SNI's security alert.

SNMP is a protocol used by routers, printers, switches, and other network
devices to communicate with each other for management purposes. It
discloses such information as the name of the host, the number of packets
transferred or dropped, the number of network interfaces, and the IP addresses
of these interfaces.

Check Point contends that such information does not give hackers a way to
breach the security of a network, a possibility that SNI posed in its
advisory.

Check Point suggests customers worried about security reconfigure their
FireWall-1 systems to make SNMP data information available only to
authorized management
stations internally. That is Check Point's new default setting for
configuring FireWall-1.

Check Point posted that new default setting for several weeks for its resellers
in a maintenance patch for version 3.0 of its firewall, and the patch was posted publicly today on Check Point's site. It also posted
information on how to change the SNMP
configuration setting for earlier versions of FireWall-1.

What Amazon's one-day shipping means for you: Last week, Amazon announced it will decrease the standard shipping time for Prime members from two days to one. In this Tech Minute, here's how this change will impact your deliveries.